Hello All,

Below are the results from our latest email phishing campaign. The email was sent to 94 staff members and consultants, resulting in 3 clicks, which corresponds to a phish-prone percentage of 3.2%!

As part of our ongoing efforts to enhance our cybersecurity awareness and resilience, we will continue to conduct phishing simulation campaigns.

*These simulations are designed to coincide with actual staff activities and events to better prepare us for real-world scenarios.

• 24 reported by the Phish Alert icon.

Please follow the tips below to avoid falling for a faulty email. Thank you all that recognized and reported these types of spam/phishing emails. As always do not hesitate to click the Phish Alert Button or forward any emails as attachments to helpdesk@acord.org if unsure of its authenticity.

1. EXT – External Email Indicator. Please exercise extra vigilance when an email is received with an EXT in the subject.
2. Unfamiliar Email Address. Check if you’ve received an email from this sender previously.
3. External Email Caution Banner. Please exercise extra vigilance when receiving external emails.
4. Hover over the link: Peek at the URL and check if it looks legit.
   1. This URL pointed to https://capital1.com-onlinebanking.com This is a clear sign of a phishing attempt.
5. Stop and Think. Does this look like a typical email from Payroll? If not sure, click “Phish Alert” and confirm with IT.
6. If viewing from a cell phone, wait until you’re at your computer to help validate the email. If unsure, click “Phish Alert” and confirm with IT.

Best regards,

ACORD Help Desk Support